PatchSiren cyber security CVE debrief
CVE-2026-44089 Totolink CVE debrief
The Totolink EX1200L router is vulnerable to a buffer overflow in the login functionality of the cgi-bin/cstecgi.cgi endpoint. This vulnerability, CVE-2026-44089, could be exploited to cause the program to crash and execute code remotely. An attacker could perform actions as root, including reading and editing data, as well as bricking the router. The vulnerability has been confirmed in version 9.3.5u.6146_B20201023, but may also affect other versions due to unsuccessful vendor contact attempts.
- Vendor
- Totolink
- Product
- EX1200L
- CVSS
- CRITICAL 9.4
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-23
- Original CVE updated
- 2026-06-23
- Advisory published
- 2026-06-23
- Advisory updated
- 2026-06-23
Who should care
Network administrators and security teams responsible for managing and securing Totolink EX1200L routers should be aware of this critical vulnerability. Immediate attention is required to assess the vulnerability's impact on their infrastructure and to apply necessary patches or mitigations. Given the critical severity of this vulnerability, CVE-2026-44089, and its potential for remote code execution, affected organizations should prioritize patching.
Technical summary
CVE-2026-44089 is a critical buffer overflow vulnerability in the Totolink EX1200L router's login functionality located in the cgi-bin/cstecgi.cgi endpoint. The vulnerability has a CVSS score of 9.4 and is considered critical. It allows for remote code execution, enabling an attacker to perform actions as root. The vulnerability has been confirmed in version 9.3.5u.6146_B20201023, but other versions may also be affected. The CVSS vector is CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X.
Defensive priority
This vulnerability requires immediate attention due to its critical severity and potential for remote code execution. Affected organizations should prioritize patching and consider implementing compensating controls to mitigate the risk.
Recommended defensive actions
- Assess the vulnerability's impact on your infrastructure and apply necessary patches or mitigations.
- Consider implementing compensating controls to mitigate the risk.
- Monitor for any suspicious activity related to the affected endpoint.
- Perform a thorough inventory check of all Totolink EX1200L routers.
- Track exceptions and monitor for any potential bricking of routers.
Evidence notes
The vulnerability has been confirmed in version 9.3.5u.6146_B20201023, but may also affect other versions due to unsuccessful vendor contact attempts. The CVSS score of 9.4 indicates a critical severity. The buffer overflow vulnerability in the login functionality could allow for remote code execution.
Official resources
This article is AI-assisted and based on the supplied source corpus.